Are you are not wanting to count passphrased ssh keys?
– Phillip NordwallJul 31 '12 at 17:57

4

Oh, right. I should have specified that. No, that doesn't count. I'd like the server to have to be authenticated against twice, not the client :-)
– chrisdotcodeJul 31 '12 at 18:07

@ChrisBlake - why? What problem are you trying to solve? Can you be more specific? What's your threat model? What risk are you trying to defend against?
– D.W.Aug 1 '12 at 2:13

7

@D.W. Threat model for requiring this: working with people you don't trust to take security as seriously as you do. You want to make it impossible for someone to compromise your server if their laptop, with a carelessly unencrypted ssh key, is stolen.
– user18203Dec 30 '12 at 4:19

3

@JaneDoe, if that's the problem, then this might be better solved through policy rather than a technical mechanism. Requiring a password on every login has major disadvantages, and it sounds counterproductive to me. I think it's better to just set an organizational policy requiring all your sysadmins to encrypt their private key with a passphrase. (If you don't trust your sysadmins to follow this policy, why are you letting them administer your systems?)
– D.W.Dec 31 '12 at 22:33

5 Answers
5

With recent Fedora and RHEL 6 releases, you can use RequiredAuthentications2 pubkey,password to require both pubkey and password authentication. Usually this is done to require pubkey and 2-factor authentication token, not the user's password.

Update: Now on RHEL / CentOS 7, and any system with a recent version of OpenSSH, you can use:

You can have both public-key and password authentication on the same server. If public-key authentication fails, it will go to password authentication.

As to requiring both, that's seems silly and counterproductive, and checking man sshd_config there isn't an option to do this.

Your ssh private key should have a secure passphrase. So if an attacker obtains your private key, they still can't do anything without first obtaining your passphrase. If they've compromised that passphrase (most likely with a keylogger; or from brute forcing an extremely weak passphrase) they can trivially also grab/brute force any memorized password.

If you really want, you could possibly setup something with say ForceCommand (e.g., only allow public-key authentication and then direct user to a shell that prompts for a password). I don't recommend this.

A better alternative if you want to limit exposure, is to have a firewall setup to limit IPs that can reach the ssh port; possibly with an additional VPN running on a server somewhere if you may need to tunnel from another computer at some point. You could also use something like knockd to open a hole in a firewall after a particular port-knocking pattern, though recognize that anyone eavesdropping on traffic could replay the knocking pattern to open up a port.

Right. I should have taken the hint from @Phillip's comment, since the private key already needs a password, it's already a form of two-factor auth. And yeah, I'm also going to set up a port knocking daemon, but I couldn't choose from the given implementations on the website. Thanks for the referral and answer.
– chrisdotcodeJul 31 '12 at 18:39

2

Consider the case when the attacker has taken control of a machine in which the user has used an authentication agent (e.g., ssh-agent) to cache the private key. The attacker doesn't have the passphrase, but can still use the private key until the agent flushes its cache. It's in this scenario that requiring the key and the login password can help.
– PsychonautJun 22 '16 at 6:33

4

"So if an attacker obtains your private key, they still can't do anything without first obtaining your passphrase. If they've compromised that passphrase (most likely with a keylogger; or from brute forcing an extremely weak passphrase) they can trivially also grab/brute force any memorized password." True, but there is an additional reason for using a server-side password: prevent offline cracking. E.g. from a mobile device, 4 digits can be a secure additional authentication measure if it's locked out indefinitely after 3 attempts, but with a passphrase on the privkey you can't do lockout.
– LucMar 6 '17 at 9:05

Which means to have PAM enabled, to have enabled every line that concerns the publik key and, finally, to have AuthenticationMethods properly listing both methods.
Please note that, despite what was written by Jakuje, you should not add a comma between publickey and password after AuthenticationMethods.